Tom Ivar Helbekkmo wrote:
I guess the first few packets from them to you might get dropped
because they don't match an "established" outbound connection, but
as soon as you start sending packets to them, your firewall will
allow two-way flow...

That's the trick, yes. It works because RTP streams look as if they are bidirectional, so as soon as the first outgoing packet has been transmitted, the incoming stream is permitted.

I like your setup. I guess this will reduce some malicious incoming attack. Does performance suffers from this? Do I need canreinvite=yes?


Regards,
Norman Zhang
_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to